Email addresses of millions of Twitter users reportedly compromised in data breach where more than 200 million Twitter users’ email addresses are reportedly freely available on a hacker forum.
Users who signed up anonymously and used a sensitive email address may be concerned that their information was taken.
No one at the BBC has checked the material. And data breaches frequently turn out to contain outdated or fabricated records.
In spite of repeated attempts to get Twitter to comment on the hack, the company has remained silent.
According to Alon Gal of the cyber-crime information,the leak was “important” because it held more than 200 million email addresses.
According to Mr. Gal, this would “sadly lead to a lot of accounts getting hacked, targeted with phishing, and doxxed.”
“Doxxing” refers to revealing private information about an individual with the intent of allowing that person’s identification to be made.
You can view the content even if the BBC hasn’t yet by spending 20p in forum credits.
As one customer put it, “Thanks for your service; I can’t wait for the mayhem.”
Media outlet specializing in technological developments Bleeping Computer has acquired the information and verified that several of the linked Twitter identities have valid email addresses. Data duplication was also discovered.
Evidently, not everything in the dataset has been verified, they found. Many users were not discovered in the leak, hence the dataset is incomplete.”
Another researcher suggested, many Twitter accounts are featured many times. However, the total number of unique email addresses involved is over 100 million.
Already looking into it:
This comes after a warning was issued by Hudson Rock last week. After a hacker’s alleged possession of email addresses and phone numbers associated with 400 million Twitter accounts.
Ryushi, the hacker, asked for $200,000 (£168,000) in exchange for deleting the information and handing it over to Twitter.
However, Mr. Gal claims that the current free internet data is lower in size. And does not include phone numbers because it was shared by another people.
Verifying the authenticity of the stolen information is incredibly difficult, as is always the case with massive database thefts.
Three Twitter users have confirmed to me that their leaked email addresses are authentic, thus it seems likely that at least some of the sample data the criminal is supplying is legitimate.
They, along with everyone else on the list, now face the real possibility of being targeted by cybercriminals and other exploiters.
However, the hack’s development over time can possibly reveal something significant.
An initial attempt to extort thousands of dollars from Twitter involved accusations of a catastrophic breach.
Now, you can get your hands on a trove of information for as little as twenty pence.
It’s possible that the disclosed information is a useless mash-up of data from other breaches and completely fabricated information.
Twitter knows for sure, but the firm (which has dismantled its media communications department since Elon Musk’s acquisition) has declined to even address the situation.
Many years have passed since social media companies first began hastily brushing off such data scrapes as minor security breaches, but this time is different.
However, as Facebook’s recent £230 million fine for a 2021 scraping episode demonstrates, the digital industry appears to be losing the debate.
Grey line for presentations, 2px in width
Research of DPC:
The Data Protection Commission (DPC) of Ireland has stated that it will “review Twitter’s compliance with data protection law in respect to the security issue” after hearing about Ryushi’s claim.
There was a data breach in November involving more than five million accounts, and the DPC is already looking into it because of the exposure of associated email addresses and phone numbers.
A security breach in the Twitter system is suspected to be the source of the newly disclosed information. This breach would allow for a so-called scraping attack.
This required manipulating an API (application programming interface), a piece of software that communicates with Twitter, into disclosing confidential information.
In November of 2021, hackers exploited the hole. At the beginning of 2022, Twitter claimed to have resolved the issue.